Privacy policy

Privacy policy

pursuant to art. 13 of EU Regulation no. 679/2016 and Italian Legislative Decree no. 196/2003

This privacy policy (“Policy”) has been drafted in accordance with the EU Regulation no. 2016/679 (“GDPR”) and Italian Legislative Decree no. 196/2003 (“Privacy Code”) and provides to the users which access and interact with the website (the “Website”) information on how the professional Association “Insight Studio Legale” (“Law Firm” or “Data Controller”), with registered office in Milan, Piazzale Marengo no. 6, e-mail address, in its quality of data controller, will process their personal data.
This Policy refers only to the Website and not to other web pages and/or third-party websites which are accessible through links that may be present on the Website. Therefore, we invite users to read the relevant privacy policies of those third-party websites to better understand how they process personal data.

1. For what purposes we process personal data and what is the legal basis of the processing?

 A. To reply to the users’ requests and to provide the legal advice requested through the contacts shown on the Website.

Legal basis: the processing is necessary to take charge of and to correctly manage the users’ request.

B. For purposes related to the legal defence, the management of complaints and litigation proceedings, the possible recovery of debts, the prevention of fraud to the Law Firm’s IT systems and/or of other unlawful activities carried out against the Data Controller.

Legal basis: the processing is necessary for the achievement of a legitimate interest of the Data Controller and/or of third parties, which, by virtue of the assessments of the Data Controller, does not prevail over the fundamental rights and freedoms of the users.

C. For purposes related to the fulfilment of legal obligations, regulations, national and/or EU law provisions as well as of provisions issued by the public authorities authorized by law.

Legal basis: the processing is necessary to comply with a legal obligation and/or with an order of an authority.

D. To defend the legitimate interests of the Data Controller or of third parties (for example, the right to file a complaint, the prevention of fraud and/or illegal activities, etc.).

Legal basis: the processing is necessary for the achievement of a legitimate interest of the Data Controller and/or of third parties.

E. With the express and specific consent of the user, to send by e-mail to the latter commercial and/or promotional communications and/or newsletters regarding the services offered by the Data Controller, as well as invitations to conferences, events and/or meetings organized by the Data Controller.

Legal basis: the legal basis of the processing for these marketing purposes is represented by the consent that users may decide to freely provide to the Data Controller.

2. Are you required to provide your personal data?

In relation to the purposes (A), (B), (C) and (D) above, the provision of your personal data is necessary and any refusal to provide such data may make it impossible to provide the services requested (e.g. information/legal advice, etc.). In relation to the purpose (E) above, however, you may freely decide to provide/not to provide your consent and any refusal to the processing of your personal data will only result in the impossibility to stay updated on the activities and services of the Data Controller, but you will not be precluded in any way from using the Website.

3. To whom will we communicate your personal data?

The personal data provided by the user will not be disclosed and may be communicated by the Data Controller, for the purposes described in this Policy, to the categories of subjects indicated below:

(i) companies, collaborators, consultants and/or professionals entrusted by the Data Controller for the performance of tasks of a technical or organizational nature related to the Website (such as, for example, IT companies, developers, etc.) or with which the Data Controller collaborates, for the proper provision and operation of its services;

(ii) persons, companies, or professional firms providing assistance and advice to the Data Controller, with particular but not exclusive reference to accounting, administrative, legal, tax and financial matters;

(iii) persons to whom the right of access to the personal data is recognized by legal provisions or orders of the authorities.

The subjects belonging to the above-mentioned categories will process the data as autonomous data controllers or data processors, in the latter case duly appointed by the Data Controller.

The data may also be brought to the attention of the Data Controller’s personnel, who will process them on the basis of a prior written authorization.

Your personal data will not be transferred outside the European Union.

4. How long do we store your personal data?

Your data will be stored, in accordance with the law, for a period of time not exceeding what is necessary to achieve the purposes for which they have been processed and in any case in compliance with the limitation period provided for by the Civil Code and applicable laws. Then, they will be deleted.

With specific reference to the marketing purposes (see letter E of the purposes indicated above), the Data Controller will keep the user’s data until the user requests to no longer receive such communications.

5. What rights you can exercise in relation to your personal data?

We remind you that you can exercise the privacy rights provided for by the GDPR and in particular, you can ask for confirmation that your data is being processed, the access to information relating to the processing, the correction of inaccurate or incomplete personal data, the deletion of personal data, the restriction of the processing; moreover, you can ask to receive your data in a structured, commonly used and machine-readable format and send them to another data controller or you can ask that personal data are directly transmitted to another data controller, if technically feasible (so-called “data portability”); you have also the right to withdraw, at any time, the consent provided, without affecting the lawfulness of the processing based on the consent before the withdrawal.

Furthermore, the user has the right to object in whole or in part to the processing of his/her personal data for legitimate reasons.

These rights may be exercised by sending an e-mail to the following address

Finally, the user has the right to file a complaint at the Italian data protection Authority ( if he/she believes that the processing of his/her personal data is carried out in violation of the applicable privacy laws.

Amendments and updates to this Policy

This policy has been updated in October 2020.
Users are invited to regularly check the Policy for any further updates.